Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-20 | CVE-2017-1598 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2017-12-17 | CVE-2017-17717 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. | 9.8 |
| 2017-12-13 | CVE-2017-17382 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Citrix products Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | 5.9 |
| 2017-12-11 | CVE-2017-8866 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cognitoys Stemosaur Firmware 0.0.794 Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server. | 5.9 |
| 2017-11-22 | CVE-2017-8191 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Huawei Fusionsphere Openstack V100R006C00Spc102(Nfv) FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. | 5.9 |
| 2017-11-22 | CVE-2017-8157 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Huawei products OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. | 5.9 |
| 2017-10-30 | CVE-2012-4449 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache Hadoop Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack. | 9.8 |
| 2017-10-30 | CVE-2015-0226 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache Wss4J Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. | 7.5 |
| 2017-10-29 | CVE-2017-15998 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in NQ Contacts Backup & Restore 1.1 In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. | 7.5 |
| 2017-10-29 | CVE-2017-15997 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in NQ Contacts Backup & Restore 1.1 In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. | 7.8 |